12-04-2013 08:57 AM - edited 03-07-2019 04:55 PM
Hi Everybody,
I have pasted the whole configuration of my Cisco 3760 switch.
I am having an issue with VLAN trunking.
On Ethernet port 1/0/1 I have configured switch mode trunk.
I have used the following commands:
switchport trunk encapsulation dot1q
switchport trunk native vlan 8
switchport trunk allowed vlan 1-10
If I use the native vlan command then I get communication with only the described VLAN. I want to be able to communicate with VLAN 2 and 8.
switchport trunk native vlan 8 (in this case, if my laptop is configured with a static IP address of VLAN 3 it will not work); it will only work if the laptop is configured with a static IP from VLAN 8.
switchport trunk native vlan 2 (in this case, if my laptop is configured with a static IP address of VLAN 8 it will not work); it will only work if the laptop is configured with a static IP from VLAN 2.
I want to trunk in a way that I can access both VLANs depending upon the laptop configuration.
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ABCD2013SW01
!
logging buffered 64000 debugging
no logging console
enable secret 5 ----------------------
enable password 7 -------------------
!
username badmin privilege 15 secret 5 $1$3xoh$Hpp2jaldsfjladsfj
username muadminas privilege 15 secret 5 $1$YJb6$sCdareljlkje9ff
aaa new-model
aaa authentication login CON local
aaa authentication login VTY local
aaa authentication enable default enable
aaa authorization exec default local
!
aaa session-id common
clock timezone CET -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ts-1u
vtp mode transparent
ip subnet-zero
no ip source-route
ip routing
ip icmp rate-limit unreachable 1000
ip domain-name xxxxxx.xxx
ip name-server 192.168.1.2
ip name-server 192.168.1.3
!
ip dhcp-server 192.168.1.3
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name inside
!
vlan 8
name Internal_LAN
!
interface Null0
no ip unreachables
!
interface GigabitEthernet1/0/1
description **LAN**
switchport trunk encapsulation dot1q
switchport trunk native vlan 8
switchport trunk allowed vlan 1-10
switchport mode trunk
no logging event link-status
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/3
description *** User Port ***
switchport access vlan 8
switchport mode access
no logging event link-status
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/5
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/6
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/7
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/8
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/9
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/10
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/11
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/12
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/13
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/14
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/15
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/16
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/17
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/18
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/19
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/20
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/21
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/22
description *** User Port ***
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/23
description *** User Port ***
switchport access vlan 8
switchport mode access
!
interface GigabitEthernet1/0/24
description *** User Port ***
switchport access vlan 8
switchport mode access
!
interface GigabitEthernet1/0/25
description **UPLINK**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-10
switchport mode trunk
!
interface GigabitEthernet1/0/26
description **UPLINK**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-10
switchport mode trunk
!
interface GigabitEthernet1/0/27
description **UPLINK**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-10
switchport mode trunk
!
interface GigabitEthernet1/0/28
description **UPLINK**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-10
switchport mode trunk
!
interface Vlan1
no ip address
no ip redirects
ip directed-broadcast
no ip proxy-arp
shutdown
!
interface Vlan2
description ** Management **
ip address 192.168.1.92 255.255.255.0
no ip redirects
ip directed-broadcast
no ip proxy-arp
!
interface Vlan8
description ** Internal_LAN **
ip address 172.168.1.92 255.255.255.0
ip helper-address 192.168.1.3
no ip redirects
ip directed-broadcast
no ip proxy-arp
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http authentication local
!
access-list 97 remark ** NTP-ACCESS **
access-list 97 remark ** NTP-Server
access-list 97 permit 192.168.1.3
access-list 97 deny any log
access-list 98 remark ** SNMP-ny any log
access-list 98 remark ** SNMP-ACCESS **
access-list 98 permit 192.168.1.60
access-list 98 deny any log
access-list 99 remark ** VTY_ACCESS **
access-list 99 deny any log
access-list 99 permit 192.168.1.0 0.0.0.255
snmp-server community abiYHORHAEN RO
snmp-server chassis-id ABCD2013SW01
radius-server source-ports 1645-1646
!
control-plane
!
banner exec ^CCCCCCCCC
VMWAFAR TECHNOLOGY
you are now connected to: $(hostname).$(domain)
^C
banner login ^CCCCCCCCC
********************************************************************
** banner **
**********************WARNING***************************************
*secure *
********************************************************************
^C
!
line con 0
exec-timeout 30 0
login authentication CON
history size 30
transport output none
stopbits 1
line vty 0 4
access-class 99 in
exec-timeout 30 0
password 7 091D5EADKRCR130700
logging synchronous
login authentication VTY
length 0
history size 30
transport preferred none
transport output none
line vty 5 15
access-class 99 in
exec-timeout 30 0
password 7 091D5E080138934450
logging synchronous
login authentication VTY
length 0
history size 30
transport preferred none
transport output none
!
ntp clock-period 36028917
ntp access-group peer 97
ntp server 192.168.1.7 prefer
end
12-04-2013 09:29 AM
Hi,
The most probable case is that your PC can't really speak the 802.1q language and it can't handle tagged frames. Therefore it drops them. That's why you can communicate in the native VLAN without problems (because the frames are all untagged).
I guess that if you change that IP to a VLAN which is not native, your packet actually makes it to the destination (the switch receives the frame untagged and routes the packet to the appropriate VLAN thanks to the SVI) but the response is dropped because your PC can't handle it (it comes back tagged - it isn't routed like before, because the switch, by all rights, sends it tagged over the trunk). Have you tried to sniff the communication through Wireshark or a similar tool?
You don't really need a trunk port if you want to communicate with other VLANs, you just need to have ip routing enabled (which you have) and configure appropriate VLAN interfaces (SVIs, and I saw you have them too).
So change that port to access mode, assign it to a "normal" access VLAN and you should be just fine. Try it. And if you want to restrict access from-to different VLANs, use access-lists.
Remember that dot1q interfaces are rarely used when interconnecting a switch and an end station (there are of course special cases, such as connecting a server with subinterfaces or Router-on-a-stick). Trunks (or tagged interfaces - as other vendors call them) are designed mainly to connect switches together.
Best regards,
Jan
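The tagged-versus-untagged distinction described in the reply above, as an added example that is not part of the original post: it builds the frame a trunk port would send for a given VLAN and parses the 802.1Q header, which is EtherType 0x8100 followed by the 12-bit VLAN ID. The function names, MAC addresses and payload are constructed for illustration, and default trunk behaviour (only the native VLAN leaves untagged) is assumed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_frame(payload, vid=None, pcp=0, ethertype=0x0800):
    """Build a constructed Ethernet frame; add an 802.1Q tag when vid is given."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    tag = b""
    if vid is not None:
        if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
            raise ValueError("VID is 12 bits, PCP is 3 bits")
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)  # DEI bit left 0
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Report whether a frame is tagged and, if so, its VLAN ID and priority."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "pcp": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"tagged": True, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner}


def egress_frame(payload, vlan, native_vlan):
    """Frame a trunk port sends for `vlan`: untagged only on the native VLAN."""
    return build_frame(payload, vid=None if vlan == native_vlan else vlan)


if __name__ == "__main__":
    for vlan in (2, 8):  # the two VLANs from the thread, native VLAN 8
        print(vlan, parse_vlan(egress_frame(b"constructed payload", vlan, 8)))
```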
12-04-2013 09:45 AM
Thanks Jan, it is useful information, but the environment I am having the issue in is not just a laptop. VMware servers are also configured here, which need VLAN trunking.
12-04-2013 10:01 AM
Hi,
Aaah yeah, all right. Sorry, I thought you were trying to connect just the laptop through that port - my apologies for all the basic info you surely know. So did you try to sniff some information through WShark or something similar? There could be many reasons why it doesn't work. And do you have servers alongside laptops on that interface? Do these servers have issues as well? Also make sure that you have VMware configured for trunking. The thing is that end stations have to be able to understand dot1q - otherwise they will drop such frames. I know that you can configure that in Linux but I don't know which OS you use.
Best regards,
Jan
12-04-2013 10:53 AM
Hi Jan,
On VMware the guest operating system is Windows 2008 Server. Which value do I need to watch in Wireshark?
12-04-2013 12:05 PM
I also used show interface trunk.
It gives me the following reply:
vlans in spanning tree forwarding state and not pruned
12-04-2013 12:16 PM
Don't know whether this doc will help depending on what you are running VMware on -
Note that the native vlan must match on both ends of the trunk.
Jon
12-04-2013 12:42 PM
Thanks Jon.
On the VMware end it is set like the article.
12-04-2013 12:45 PM
I'm not a VMware person so I don't know if that is exactly the server/version you are running, but I thought it might help. Yes, it is for the NIC on the server, nothing to do with the Cisco switch end.
Jon
12-04-2013 01:01 PM
It is not a VM issue, because if I connect my laptop it did not work either.
12-04-2013 01:06 PM
But, as Jan says, your laptop may not be understanding the vlan tags because on the switch end it is a trunk.
So if your NIC on the laptop was not running trunking and the VMware server is not set to trunk then it is a VMware server issue. Again, as Jan pointed out, it worked when your laptop was in the native VLAN because the native VLAN does not have a tag applied to the frames, but if it wasn't in the native VLAN it didn't work, probably because it doesn't understand the VLAN tags.
Jon
12-04-2013 12:50 PM
Hi,
vlans in spanning tree forwarding state and not pruned
That's interesting... I just noticed that you have spanning-tree portfast configured under that interface but that is in place only if the port is in access mode. Try to configure it with spanning-tree portfast trunk instead.
Best regards,
Jan
12-04-2013 01:00 PM
Hi Jan
I changed to spanning-tree portfast trunk, no positive result
12-04-2013 01:11 PM
Hi,
I am not sure but that output from trunk is just not right. Either stp or pruning seems to be blocking the vlans for some reason. But you haven't got pruning enabled according to your configuration... and spanning tree is not blocking the vlans on that port, right?
Best regards,
Jan
12-04-2013 01:16 PM
sh interface trunk gives the following results. Yes, I did not enable pruning.

Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/1     on           802.1q         trunking      1
Gi1/0/3     on           802.1q         trunking      1
Gi1/0/25    on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     2,8
Gi1/0/3     2,8
Gi1/0/25    1-10

Port        Vlans allowed and active in management domain
Gi1/0/1     2,8
Gi1/0/3     2,8
Gi1/0/25    1-2,8

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     2,8
Gi1/0/3     2,8
Gi1/0/25    1-2,8
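
Reading the output above mechanically, as an added example that is not part of the thread: the parser below splits `show interface trunk` output into its four sections and derives, per port, which VLAN leaves untagged and which leave tagged. It assumes whitespace-separated columns and default 802.1Q trunk behaviour (only the native VLAN is untagged); the function names are hypothetical.

```python
# Output copied from the last post in the thread, trimmed to two ports.
SAMPLE = """\
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Gi1/0/25 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 2,8
Gi1/0/25 1-10
Port Vlans allowed and active in management domain
Gi1/0/1 2,8
Gi1/0/25 1-2,8
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 2,8
Gi1/0/25 1-2,8
"""

def expand_vlans(spec):
    """Turn '1-2,8' into {1, 2, 8}; 'none' means an empty list."""
    vlans = set()
    for part in ([] if spec.lower() == "none" else spec.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_show_trunk(text):
    """Return {port: {'native': int, 'allowed': set, 'active': set, 'forwarding': set}}."""
    ports, section = {}, None
    for fields in (line.split() for line in text.splitlines()):
        if not fields or (section is None and fields[0] != "Port"):
            continue  # skip blanks and anything before the first header row
        if fields[0] == "Port":  # each header row starts a new section
            title = " ".join(fields[1:]).lower()
            section = ("native" if title.startswith("mode") else
                       "forwarding" if "forwarding" in title else
                       "active" if "active" in title else "allowed")
        elif section == "native":
            ports.setdefault(fields[0], {})["native"] = int(fields[-1])
        else:
            spec = fields[1] if len(fields) > 1 else "none"
            ports.setdefault(fields[0], {})[section] = expand_vlans(spec)
    return ports

def tagging_plan(ports):
    """Per port: the VLAN sent untagged (native, if forwarding) and the VLANs sent tagged."""
    plan = {}
    for name, p in ports.items():
        fwd = p.get("forwarding", set())
        plan[name] = {"untagged": p["native"] if p["native"] in fwd else None,
                      "tagged": sorted(fwd - {p["native"]})}
    return plan
```

On the pasted output, Gi1/0/1 reports native VLAN 1, which is not in its forwarding list, so `tagging_plan` shows both VLAN 2 and VLAN 8 leaving that port tagged and no VLAN leaving it untagged.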